deps(upgrade): bump actions/github-script from 6 to 7 #1368
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and test | |
on: | |
# Build PRs | |
pull_request_target: | |
types: [ opened, synchronize, reopened ] | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
- '**/*.md' | |
- '.github/workflows/bump*.yaml' | |
- '.github/workflows/docs.yaml' | |
- '.github/workflows/codeql*.yaml' | |
- '.github/workflows/command-*.yaml' | |
- '.github/workflows/clear-cache.yaml' | |
- '.github/workflows/deploy-tag.yaml' | |
- '.github/workflows/prepare-release.yaml' | |
# On push event | |
push: | |
# Build only changes pushed into the `master` branch -- avoids double builds when you push in a branch which has a PR. | |
branches: | |
- master | |
- pipeline | |
# Ignore documentation changes (Netlify will handle this) | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
- '**/*.md' | |
- '.github/workflows/bump*.yaml' | |
- '.github/workflows/docs.yaml' | |
- '.github/workflows/codeql*.yaml' | |
- '.github/workflows/command-*.yaml' | |
- '.github/workflows/clear-cache.yaml' | |
- '.github/workflows/deploy-tag.yaml' | |
- '.github/workflows/prepare-release.yaml' | |
workflow_dispatch: | |
# Currently you cannot use ${{ env.IS_FORK }} for some reason, which is why you might need to copy-paste some of these. | |
env: | |
REPOSITORY: ${{ github.repository }} | |
IS_FORK: ${{ github.event.pull_request.head.repo.fork == true }} | |
IS_PR: ${{ github.event_name == 'pull_request' }} | |
EVENT_NAME: ${{ toJSON(github.event_name) }} | |
# format: username:branch | |
PR_HEAD_LABEL: ${{ toJSON(github.event.pull_request.head.label) }} | |
PR_NUMBER: ${{ github.event.number }} | |
jobs: | |
build-and-test: | |
environment: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.fork == true && 'external-collaborators' || '' }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, windows-latest, macos-latest ] | |
java: [ 11, 17 ] | |
#os: [ ubuntu-latest ] | |
#java: [ 11 ] | |
steps: | |
- name: Show GitHub context | |
run: echo "$EVENT_NAME $REPOSITORY $PR_HEAD_LABEL $IS_PR $IS_FORK ${{ github.event.pull_request.head.sha || github.sha }}" | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
fetch-depth: '0' # 0 because of sonar needs git blame. | |
- name: Setup Java ${{ matrix.java }} | |
uses: actions/setup-java@v4 | |
with: | |
java-version: ${{ matrix.java }} | |
distribution: "temurin" | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
with: | |
# The Gradle wrapper's version (already the default, putting it here to clarity) | |
gradle-version: wrapper | |
# Removing unused files from Gradle User Home before saving to cache (i.e. older versions of gradle) | |
gradle-home-cache-cleanup: true | |
# Cache downloaded JDKs in addition to the default directories. | |
gradle-home-cache-includes: | | |
caches | |
notifications | |
jdks | |
- name: Check if code is eligible for deploying snapshot version | |
id: deploy_check | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const fs = require('fs'); | |
const manifest = JSON.parse(fs.readFileSync('.release-please-manifest.json')); | |
const data = { | |
"version": manifest["."], | |
"is_snapshot": manifest["."].toLowerCase().includes("snapshot"), | |
"matrix": "${{ matrix.os }}", | |
"jdk": "${{ matrix.java }}", | |
"is_fork": "${{ env.IS_FORK }}", | |
"branch" : "${{ github.head_ref || github.ref_name }}" | |
} | |
const is_deployable = data.matrix == "ubuntu-latest" && data.jdk == "11" && data.is_fork == "false" && data.branch == "master" && data.is_snapshot == true | |
console.log("Data: ", data); | |
console.log("Is deployable: " + is_deployable); | |
return { | |
version: data.version, | |
is_snapshot: '' + data.is_snapshot, | |
is_deployable: '' + is_deployable | |
} | |
- name: Setup key | |
uses: crazy-max/ghaction-import-gpg@v5 | |
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }} | |
with: | |
fingerprint: ${{ vars.GPG_FINGERPRINT }} | |
gpg_private_key: ${{ secrets.GPG_KEY }} | |
passphrase: ${{ secrets.GPG_PASS }} | |
trust_level: 5 | |
- name: Build and test | |
env: | |
S3FS_BUCKET_NAME: ${{ secrets.S3FS_BUCKET_NAME }} | |
S3FS_ACCESS_KEY: ${{ secrets.S3FS_ACCESS_KEY }} | |
S3FS_SECRET_KEY: ${{ secrets.S3FS_SECRET_KEY }} | |
S3FS_REGION: ${{ secrets.S3FS_REGION }} | |
S3FS_PROTOCOL: "https" | |
run: ./gradlew build jacocoTestReport -PwithSignature=${{ fromJSON(steps.deploy_check.outputs.result).is_deployable }} --warn --stacktrace | |
- name: Publish code analysis to Sonarcloud | |
# [WARNING] The version of Java (11.0.21) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17. | |
if: ${{ matrix.os == 'ubuntu-latest' && matrix.java == '17' }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
S3FS_PUBLISH_SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
S3FS_PUBLISH_SONAR_BRANCH: ${{ github.event_name == 'pull_request_target' && '' || github.head_ref || github.ref_name }} | |
S3FS_PUBLISH_SONAR_PR_NUMBER: ${{ env.PR_NUMBER }} | |
S3FS_PUBLISH_SONAR_PR_BRANCH: ${{ github.event.pull_request.head.ref }} | |
S3FS_PUBLISH_SONAR_PR_BASE: ${{ github.event.pull_request.base.ref }} | |
run: ./gradlew sonar | |
continue-on-error: true | |
- name: Check file signature | |
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }} | |
run: | | |
ls -al ./build/libs/ | |
for f in ./build/libs/*.asc; do | |
echo "Verifying $f" | |
gpg --verify $f | |
done | |
# Publish snapshot only when on master branch, version is actually snapshot and from just one of the matrix jobs. | |
- name: Publish snapshot (only on master branch) | |
if: ${{ fromJSON(steps.deploy_check.outputs.result).is_deployable == 'true' }} | |
env: | |
S3FS_PUBLISH_SONATYPE_USER: "${{ secrets.S3FS_PUBLISH_SONATYPE_USER }}" | |
S3FS_PUBLISH_SONATYPE_PASS: "${{ secrets.S3FS_PUBLISH_SONATYPE_PASS }}" | |
run: | | |
./gradlew publish |